U.S. Upgrade Of Encryption Puts Banks in Pivotal Role

A federal agency's action has cleared the way for the financial industry and its technology suppliers to prepare for a new era in information security.

The National Institute of Standards and Technology, a part of the Department of Commerce, designated five finalists last week in a competition under way since 1997 to revise and strengthen the government standard for data encryption.

Though the naming of a single winner, likely to be adopted in both public and private sectors worldwide, is still possibly a year away, people familiar with the process say it has been managed so fairly and skillfully that the implications for future system developments are already quite clear. No industry is in a better position than banking to influence commercial adoption of a stronger security standard, they say, and bank technologists are exploring their options.

The standards agency, NIST, has described its program as "the Olympics of information scrambling" and "one of the most important competitions in the history of cryptography." But bank data security expert Kawika Daguio, who recently left the American Bankers Association to found the Financial Information Protection Association, said the finalist announcement is really the start of a new race. "Now we can begin to standardize around at least some of the finalists."

Among them are submissions by International Business Machines Corp., both the leading computer vendor to banks and the inventor of the current encryption standard, and by the development laboratory of RSA Data Security Inc., a company regarded as the de facto standards-setter for commercial cryptography practices.

The existing federal standard, 22 years old, is widely considered to be on its last legs.

Data encryption codes, which protect sensitive information files and messages, are only as strong as the number of computer bits - ones and zeroes - that make up the keys for scrambling and unscrambling.

The objective set by NIST in 1997 is to replace the federal Data Encryption Standard, known as DES and based on a 56-bit key length, with an Advanced Encryption Standard, AES, at no less than 128 bits.

RSA and other strong-encryption advocates have demonstrated the vulnerability of 40- and 56-bit key strings.

RSA has sponsored contests in which these codes have been broken by parallel-processing computers in a matter of hours.

With an equivalent amount of computing power, it could take billions or trillions of years to test all the possible key combinations at the 128-bit, 192-bit, or 256-bit levels specified in AES. Mathematicians and computer scientists say that that should provide peace of mind well into the next century.
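The scaling argument in the paragraphs above, as an added worked example that is not part of the article: exhaustive key search must try up to 2^bits keys, so each extra bit doubles the work. The search rate is a constructed assumption, not a figure from the article: a machine that exhausts the 56-bit DES key space in 100 hours.

```python
"""Brute-force work factor for the key lengths discussed in the article.

Added example; the calibration point below is an assumption, not a figure
reported by the article or by RSA's contests.
"""
from fractions import Fraction

HOURS_PER_YEAR = Fraction(87660, 10)  # 24 * 365.25, kept exact as a rational

# Constructed calibration point: a 56-bit key space exhausted in 100 hours.
REFERENCE_BITS = 56
REFERENCE_HOURS = 100


def key_space(bits: int) -> int:
    """Number of distinct keys for a key of the given length in bits."""
    return 1 << bits


def relative_work(bits: int, reference_bits: int = REFERENCE_BITS) -> Fraction:
    """Factor by which exhausting `bits` exceeds exhausting `reference_bits`."""
    return Fraction(key_space(bits), key_space(reference_bits))


def keys_per_hour() -> Fraction:
    """Search throughput implied by the calibration point."""
    return Fraction(key_space(REFERENCE_BITS), REFERENCE_HOURS)


def worst_case_hours(bits: int) -> Fraction:
    """Hours to try every key at the calibrated rate (exact rational)."""
    return Fraction(key_space(bits)) / keys_per_hour()


def expected_hours(bits: int) -> Fraction:
    """Average hours to hit the right key: half the key space on average."""
    return worst_case_hours(bits) / 2


def worst_case_years(bits: int) -> float:
    """Worst-case search time in years, as a float for readability."""
    return float(worst_case_hours(bits) / HOURS_PER_YEAR)


if __name__ == "__main__":
    for bits in (40, 56, 128, 192, 256):
        print(f"{bits:3d}-bit: x{float(relative_work(bits)):.3e} vs 56-bit, "
              f"{worst_case_years(bits):.3e} years worst case")
```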

Secretary of Commerce William Daley, in a statement last week, put the project in the context of electronic commerce, a recurring promotional theme of the Clinton administration.

"This is a critical milestone," he said. "The AES will serve as an important security tool in support of the dynamic growth of electronic commerce."

An AES, even when completed, may not quell all the controversies that continually swirl around this part of the computer world.

It does not address, for example, the thorny privacy-rights issue of whether and how government agencies might gain access to keys for law enforcement or national security reasons.

And there remain plenty of practical and business questions regarding the role of data encryption and digital certificates in e-commerce, and whether the processes can be simplified and understood enough to gain universal market acceptance.

But there seems to be almost no dispute about the way the AES competition has been conducted, or about the principle of moving toward virtually unbreakable codes.

"Everyone says this has been the most open and fair process that the government could have engaged in," Mr. Daguio said.

"We are extremely gratified to be among the final candidates," said Burt Kaliski, chief scientist at RSA Laboratories in San Mateo, Calif.

"We applaud the atmosphere of openness and cooperation NIST has encouraged in this process and look forward to continued collaboration as we enter the final stages," Mr. Kaliski said.

Openness and cooperation were essential to ensure maximum acceptance of the outcome, observers said.

Though NIST is a U.S. agency and is technically advancing what is known as a Federal Information Processing Standard, the AES effort was global in scope with a hopeful eye toward universality.

"AES will be significant because of the international adoption," said Shawn Abbott, chief technology officer of Rainbow Technologies Inc. in Irvine, Calif., a major supplier of cryptographic hardware to the U.S. government and increasingly to banks and others in the private sector.

Technology designers have grown accustomed to having to support multiple encryption algorithms.

Even with AES on the horizon, the Federal Reserve System and many banks have moved toward a juiced-up version of the Data Encryption Standard, Triple-DES, which might now be coexisting with other interim steps toward AES.

"AES promises to be a single international algorithm," Mr. Abbott said.

"No one wants to waste money, and the way this process has been coordinated, people won't have to waste a lot of time testing," Mr. Daguio said.

"All the candidates look good," he said, "but I am most impressed with the process."

He said he intends to work on further coordination between NIST and the X9 financial industry standards committee, which is administered by the ABA.

Glenda Barnes, an X9 leader and director of financial services marketing at Cybersafe Corp., has pointed out that commercial acceptance of DES in the 1970s hinged on the banking industry and its standards body, and history may now repeat itself with AES.

With the naming of the finalists, NIST has entered into a second, more in-depth review period that it calls Round 2.

Comments on the candidates are invited through May 15, 2000, and there will be an open airing of the analyses and any other concerns at a conference April 13-14 in New York.

After May 15, according to the NIST Web site, the agency intends to study all available information and propose the AES, which will incorporate one or more AES algorithms selected from the finalists.

The finalist algorithms, some of them with catchy nicknames, are:

Mars, from IBM.

RC6, from RSA Laboratories, which is an optimized variant of RC5, developed by RSA founder Ronald Rivest.

Rijndael, developed by Joan Daemen and Vincent Rijmen of Belgium.

Serpent, developed by Ross Anderson of the United Kingdom, Eli Biham of Israel, and Lars Knudsen of Norway.

Twofish, developed by Bruce Schneier and others associated with Counterpane Systems of Minneapolis, building upon a previous system called Blowfish.

In Round 1, NIST evaluated 15 algorithms from 12 countries. Submissions that did not make the cut came from such companies as Cylink Corp. and Entrust Technologies Inc. of the United States, Deutsche Telekom of Germany, and NTT of Japan.